OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-users] Re: [cti-taxii] TAXII Information Request and Response Proposal

Hi Ringo;

First, *thank you* for reviewing and commenting on our proposal, I think you are the first to do so!

Since the OASIS face-to-face I have been thinking on this proposal, and I have also come to to the conclusion that we need to de-couple this whole thing from channels because I don't want that dependancy, so I agree with your comments. I had already been planning to change it to add a new "/rfi" TAXII endpoint, to eliminate the need for a channels. The only reason I haven't made these changes yet is I haven't had any time to sync with Terry MacDonald (my co-author on this proposal) and did not want to blind-side him.

That said, *I did not plan to remove the ability to query via channel*, as I still think this is an important part of the proposal and it is something Terry has been working for for a long time. The analogy of a "chat room" for channels is somewhat accurate; when you publish a message on a channel, anyone who has permissions to the channel should see the message. The use case is for sharing high-volume data that is meant to be collated vs. stored, such as sightings, opinions, and other types such as this "RFI".

Again thanks for the feedback... FYI though I want to point out that as this is the CTI-users list, if and when this proposal makes it into the CTI development process (which I hope it does relatively soon), I won't be able to comment on it here anymore as at that point only TC members can help with the development.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown




From:        ringo <ringowathelet@gmail.com>
To:        CTI-Stix-User <cti-users@lists.oasis-open.org>
Date:        02/16/2018 04:02 AM
Subject:        [cti-users] Re: [cti-taxii] TAXII Information Request and Response Proposal
Sent by:        <cti-users@lists.oasis-open.org>




Reading the "TAXII Information Request and Response proposal” challenged my understanding of the purpose of TAXII channels and how they maybe used.

My understanding of publish-subscribe channels is that publishers send their data to a channel and
the subscribers pick it from the channel as they see fit. As opposed to subscribers asking publishers for data through requests messages, basically a client-server system.
I believe the burden of serving channels/topics/contents/... should be on the TAXII server not on the publisher.

Are TAXII channels intended to be like a “chat” rooms for client to exchange structured messages or for them to be pub/sub of STIX data streaming on the channel?













 



















[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]